How to create a secure password

Why You Need a Strong Password

Whether you’re logging into Office 365 at work or signing into Amazon, Netflix or Facebook, passwords are an essential part of daily life. In this guide, we’re going to show you how to create a strong password.

Passwords exist to protect valuable information stored on personal and company devices. Passwords also protect the computer systems of companies you do business with from the attention of organised criminal gangs who wish to profit from your valuable data.

Data. Your most valuable commodity

Recently, data such as user credentials, bank details, personal addresses and passwords have become a precious commodity to online fraudsters looking to profit from the trusting nature of honest, hard-working people.

The number of logins we now have to deal with every day also means we’re more likely to re-use the same password for multiple sites; a dangerous tactic that potentially lets criminals penetrate multiple sources of information at once.

Recent hacking incidents aimed at high-profile companies such as Sony, Apple and TalkTalk have highlighted a very real need for businesses to take online security much more seriously. The companies mentioned, as well as many small, less well-known enterprises, are counting the cost in lost profits, reputational damage, and loss of consumer trust.

Three Common Tactics Used by Hackers

Brute Force Attack

A brute force attack is a method of breaking into a computer network by trial and error: it attempts to guess every character of your password, using hundreds of thousands or even millions of attempts. Brute force attacks are time-consuming and easily preventable with account lockout policies, similar to the ones implemented by Network ROI.

Dictionary Attack

A dictionary attack is also a method of breaking into a computer network by trial and error, but unlike the brute force attack, it uses a list of common words used in passwords. Every time a dictionary attack is successful, it adds the cracked password to its own database.

Dictionary attacks guess passwords much faster than brute force because they target a smaller number of commonly used passwords. Account lockout policies provide a degree of protection against these types of attack, but won’t stop them all.

Password Spraying

Password spraying is a method of breaking into a computer network by pairing guessed usernames with a commonly used password. It works against lockout policies by limiting the number of attempts made against any single account. Password spraying usually targets thousands of machines at once.
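The difference between these tactics shows up clearly in failed-login records. The following is an added example, not part of the original guide: it counts failures per source and per account, so it flags both the attack a lockout policy stops and the spraying pattern that stays under the lockout limit. The thresholds, function name and log entries are constructed for illustration.

```python
from collections import defaultdict

LOCKOUT_THRESHOLD = 5   # assumed: failures on one account that trigger lockout
SPRAY_MIN_ACCOUNTS = 4  # assumed: distinct accounts tried from a single source

# Constructed sample: (source address, username) for each failed login
# seen in one time window. Addresses are documentation ranges.
SAMPLE_FAILURES = (
    [("192.0.2.10", "alice")] * 6                      # many guesses, one account
    + [("198.51.100.7", u) for u in
       ("alice", "bob", "carol", "dave", "erin")]      # one guess, many accounts
    + [("203.0.113.5", "bob")] * 2                     # a user mistyping
)


def classify_failures(failures):
    """Return {source: verdict} for sources whose failures look like an attack."""
    per_source = defaultdict(lambda: defaultdict(int))
    for source, user in failures:
        per_source[source][user] += 1

    verdicts = {}
    for source, users in per_source.items():
        if max(users.values()) >= LOCKOUT_THRESHOLD:
            # Repeated guesses against one account: lockout would trip here.
            verdicts[source] = "brute force or dictionary attack"
        elif len(users) >= SPRAY_MIN_ACCOUNTS:
            # Every account stays under the lockout limit, so a per-account
            # counter never fires; only the spread across accounts gives it away.
            verdicts[source] = "password spraying"
    return verdicts


if __name__ == "__main__":
    for source, verdict in classify_failures(SAMPLE_FAILURES).items():
        print(source, "->", verdict)
```

Counting per source only catches spraying that comes from one address; the same count taken across all sources in the window covers attempts spread over many machines.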

Password Do’s and Don’ts

Do

Choose something that you can easily remember without writing down.

Choose something that you can type quickly, reducing the chance of someone stealing your password by looking over your shoulder

We recommend using 15 characters, ideally a mixture of upper case and lower case letters, numbers and symbols

Use between two and four short, random words with spaces or symbols that join them together

Use good password generator software if you find the tips above tricky

Use the first letter of each word from a favourite poem or song – preferably one with a long title

Don’t

Don’t use your name, company name or something personal to you that can be found on social media such as birthday, dog name, child name etc.

Don’t base your password on something located close to you such as mouse, monitor, keyboard etc.

Never use the word password in any form, e.g. ‘Pa$$w0rd’ or ‘pa55word’

Don’t use a word found in the English dictionary, or a foreign one for that matter

Don’t use a simple keyboard sequence such as ‘qwerty’, ‘zxcvbnm’ or ‘abcdefg’

Don’t use the name of your favourite sports team, actor or musician, especially if that information can be easily found on social media

Never use a password based on your name, account name, username or email address

Don’t simply double up on a word, e.g. ‘bookbook’

Don’t reverse a word, e.g. ‘koob’

Don’t rely on adding numbers to replace letters in common words such as ‘5pac3man’ or ‘m0n1tor’
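The "Don’t" rules above can be checked automatically when a password is chosen. The following is an added example, not part of the original guide: it undoes common number-for-letter swaps before comparing, which is why those swaps add so little protection. The word list, substitution table and function names are constructed for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary
# and a list of known-breached passwords.
WORDS = {"book", "monitor", "spaceman", "mouse", "keyboard"}
SEQUENCES = ("qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz", "1234567890")
# Common digit/symbol-for-letter swaps, undone before any word comparison.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "$": "s", "@": "a"})
MIN_LENGTH = 15  # the length this guide recommends


def normalise(text):
    """Lower-case, undo letter substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def check_password(password, personal=()):
    """Return the list of rules the password breaks (empty list = none)."""
    problems = []
    raw = password.lower()
    core = normalise(password)
    half = len(core) // 2
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if "password" in core:
        problems.append("contains 'password'")
    if core in WORDS:
        problems.append("dictionary word")
    if core[::-1] in WORDS:
        problems.append("reversed word")
    if half and len(core) % 2 == 0 and core[:half] == core[half:]:
        problems.append("doubled word")
    if len(raw) >= 4 and any(raw in seq for seq in SEQUENCES):
        problems.append("keyboard sequence")
    # Names, teams, pets and similar details supplied by the caller.
    if any(normalise(p) in core for p in personal if len(normalise(p)) >= 3):
        problems.append("personal detail")
    return problems
```

Pass the user's name, username, email address and company name in `personal` so those rules are covered as well.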

Password examples

Here are some examples of both good and bad passwords. The trick is to find something that is memorable but difficult for a machine to guess. The example at the bottom will be extremely difficult for a machine to decipher, but also difficult for you to memorise.

Also, never use the actual examples shown in any password resource as there is a good possibility they have been added to a criminal database somewhere.

Bad

Pa55w0rd

Pa$$w0rd

qwertyuiop

Liverp00lFC

1234567890

Good

Rose-Lion-Ring!

1Rose2Lion5Ring!

1R0se2L10n5R1ng!

1r0Se2L10n5r1nG!

Password resources

There are lots of great resources available to help you manage passwords for both business and personal logins. Here are some examples of commonly used password generators and management tools.

If you are a fan of tech startups, there are few tech entrepreneurs younger than 11-year-old Mira Modi. You can send her $2 and she will create a virtually uncrackable password for you using the diceware method.

LastPass – www.lastpass.com

LastPass is a popular management tool that stores your encrypted passwords in the cloud. LastPass works across all your devices and can be accessed as long as you have an internet connection.

KeePass is a free, open-source manager that keeps your passwords in a database that you secure using a master key or a key file. You only have to remember one master password to gain access to your vault. Remember to follow the tips above to make it strong, or crooks will have access to all your information!
